Certificate-based Authentication

Authentication is the process of confirming an identity. In the context
of network interactions, authentication is the confident identification of
one party by another party. Certificates are one way of supporting authentication.

Using Certificates for Authentication

A certificate consists of digital data that specifies the name of
an individual, company, or other entity, and verifies that the public key,
included in the certificate, belongs to that entity. Both clients and servers
can have certificates.

A certificate is issued and digitally signed by a Certificate
Authority (CA). The CA can either be a company that sells certificates over
the Internet, or a department responsible for issuing certificates for your
company’s intranet or extranet. You decide which CAs to trust to serve
as verifiers of other people’s identities.

In addition to a public
key and the name of the entity identified by the certificate, a certificate
also includes an expiration date, the name of the CA that issued the certificate,
and the “digital signature” of the issuing CA. For more information
regarding the content and format of a certificate, see Introduction
to SSL.

Note – A server certificate must be installed before encryption can be
activated.

Server Authentication

Server authentication refers to the confident identification of
a server by a client. The process involves identifying the organization that
is responsible for the server at a specific network address.

Client Authentication

Client authentication refers
to the confident identification of a client by a server. The process involves
identifying the person using the client software. Clients can have multiple
certificates, much like a person might have several different kinds of identification.
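
The following added example is not part of the original documentation and is not Web Server configuration. It uses Python's standard ssl module to show which side enables server authentication and client authentication, and which certificate fields identify a verified peer. The file-name parameters, the function names, and the sample certificate values are assumptions constructed for illustration.

```python
import ssl

def client_context(ca_file=None):
    """Server authentication: the client verifies the server's certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # defaults: CERT_REQUIRED, check_hostname=True
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # trust only the CAs in this file
    else:
        ctx.load_default_certs()                   # fall back to the system trust store
    return ctx

def server_context(cert_file=None, key_file=None, client_ca_file=None,
                   require_client_cert=False):
    """Server side; optionally demands a client certificate (client authentication)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # default: CERT_NONE, no client cert requested
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)   # the server's own certificate and key
    if client_ca_file:
        ctx.load_verify_locations(cafile=client_ca_file)  # CAs allowed to vouch for clients
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED        # handshake fails without a valid client cert
    return ctx

def describe_peer(cert, now):
    """Summarise a peer certificate given in the dict form returned by getpeercert().
    The CA signature itself is checked by the TLS library during the handshake."""
    def name(rdns):
        return {key: value for rdn in rdns for key, value in rdn}
    return {
        "subject": name(cert["subject"]).get("commonName"),
        "issuer": name(cert["issuer"]).get("commonName"),
        "expired": now > ssl.cert_time_to_seconds(cert["notAfter"]),
    }

# Constructed sample in getpeercert() format; all names and dates are made up.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "www.example.com"),)),
    "issuer": ((("organizationName", "Example Internal CA"),),
               (("commonName", "Example Issuing CA"),)),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")
    print(describe_peer(SAMPLE_CERT, now))
```

A server context that requires client certificates also needs client_ca_file set; otherwise no client certificate can be validated and every handshake fails.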

Virtual Server Certificates

You can have a different certificate database for each virtual server.
Each virtual server database can contain multiple certificates. Virtual servers
can also have different certificates within each server instance.